This December Patch Tuesday is considerably lighter than last month’s patch releases.  While only three of the fixes were for Windows operating systems, the majority of the vulnerabilities to pay attention to are Browser/Scripting Engine-based.

Overall, this month’s updates address are fixes for 32 unique CVEs, 19 of which are critical, and 24 of which address remote code execution at varying severity levels. No active exploits are listed by Microsoft again this month.

Continue reading …

Happy December! In this last Patch Tuesday installment for 2016, Microsoft released 12 security bulletins which brings the 2016 yearly count to 155. This is about 15% higher than last year. Out of more than 3 billion scans that Qualys performs each year we saw an increase of about 20% in the total number of Microsoft vulnerabilities. This increase can be attributed to an increase in the volume of scanning and to the 15% increase in number of Microsoft bulletins. But the year is not over and I will come up with the normalized number after the year ends.

Continue reading …